grsecurity forums

[osa]

Hi

In morring when cron is starting I have notice in logs:

grsec: (root:U:/usr/sbin/cron) denied access to hidden file /dev/log by /usr/sbin/cron[cron:23451] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/cron[cron:27441] uid/euid:0/0 gid/egid:0/0

subject /usr/sbin/cron o {
/ h
/bin h
/bin/bash x
/dev h
/dev/log rw
/etc r
/etc/grsec h
/etc/ssh h
/lib h
/lib/security/pam_env.so rx
/lib/security/pam_unix.so rx
/lib/tls/libcrypt-2.3.2.so rx
/usr/sbin/sendmail rx
/var h
/var/spool/cron/crontabs r
/root
-CAP_ALL
+CAP_SETGID
+CAP_SETUID
bind disabled
connect disabled
}

gradm version -> 2.1.8
grsecurity patch -> 2.6.14.4

Where is a error in policy?

-osa

[hmhansolo]

Remove '/dev/ h'... i believe if u hide /dev/ u will hide everything in it... instead just add '/dev'... without specifying any permissions, it will block all accesses, but the file will still be accessible...